Junos Space Developer
Highlighted
Junos Space Developer

SRX replying with private IP for static NAT

02.12.18   |  
‎02-12-2018 08:58 AM

Hi All,

 

Wanted to check if it is default behaviour when static NAT is configured on SRX and anyone trying to resolve public hosted domain from internal network or trying from SRX with DNS 8.8.8.8 the response I am getting is private IP address. We need public hosted domain should always resolve to public IP instead of private IP. Please suggest.

 

Thanks.

3 REPLIES
Junos Space Developer

Re: SRX replying with private IP for static NAT

02.12.18   |  
‎02-12-2018 08:16 PM

Hi,

 

Seems like your post is not in the forum, can you try moving it to https://forums.juniper.net/t5/SRX-Services-Gateway/bd-p/srx

 

Thanks

Ashish Paul
Junos Space Developer

Re: SRX replying with private IP for static NAT

02.12.18   |  
‎02-12-2018 08:56 PM

Refer to Double/Dual NAT & Static NAT at the following doc:

https://kb.juniper.net/library/CUSTOMERSERVICE/technotes/Junos_NAT_Examples.pdf

https://kb.juniper.net/library/CUSTOMERSERVICE/technotes/TN8_3500151-en.pdf

 

 

 

 

 

 

/Karan Dhanak
# Please mark my solution as accepted if it helped, Kudos are appreciated as well.

Junos Space Developer

Re: SRX replying with private IP for static NAT

02.13.18   |  
‎02-13-2018 03:01 AM

Please check and see if the DNS ALG is turned on and turn it off.  This is only used when you want to avoid hairpin nat for DNS resources.  It sounds like it might be on here.

 

show security alg status

 

to turn off go to configure mode

set security alg dns disable

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home